Many companies are aware of the operational dangers of IT incidents. They are planning investments in technology and know-how and are also approaching new security approaches such as Zero Trust. In the current survey, 86 percent of companies state that they want to increase their IT security budget by 2024.
A survey by techconsult, in which Sophos participated, shows what technical decision-makers from trade, industry or service providers expect from security solutions.
Over 50 percent had an attack
More than half of all respondents (52 percent) had suffered one (12 percent) or more security attacks on their organization in the past 26 months. Phishing (42 percent) and ransomware (36 percent) take the top spots. Bronze (31 percent) goes to the Insider Threat attack type, Negligent subtype (there is also Criminal, but this accounts for only 15 percent). To put it bluntly, this includes clumsiness and ignorance on the part of employees, external service providers, partner companies or ex-colleagues.
Respondents also see these three problems as security threats for their industries in the coming years:
- phishing (51 percent),
- negligent insider threat (34 percent)
- Ransomware (28 percent).
A good third (32 percent) complained about disruptions and failures in business processes. 26 percent suffered financial losses as well as the loss of sensitive data. After all, many companies address the issue at board level (43 percent) and have a coordinated security and network strategy (42 percent). 49 percent have antivirus solutions and malware detection, 41 percent have a packet filter/proxy firewall and 38 percent have data security, backup and recovery solutions up their sleeves.
How do companies want to arm themselves in the future?
48 percent rely on the use of new security technologies. Only 16 percent currently have a ZTNA (Zero Trust Network Access). But 61 percent plan to adopt a Zero Trust architecture, either within 12 months (26 percent), 24 months (20 percent), or long term (15 percent). For only 6 percent, this security approach is not an issue.
The complexity of the implementation (36 percent), a lack of know-how in the company (33 percent), excessive investment costs (26 percent), but also non-transparent (22 percent each) and insufficiently tested offers from the providers are or were the introduction of So far, however, opposed to Zero Trust.
87 percent want to spend more on technical tools and training
For 58 percent of those surveyed, the secure connection and networking of their branches is a motivation to promote Zero Trust more in the company. More data security and the preservation of the home office infrastructure (both 56 percent) would boost zero trust. Protection from insider threats (55 percent) may mitigate future fears (see above).
Two-thirds (60 percent) expect fewer security incidents with a Zero Trust architecture. The companies also expect higher access security to applications in the cloud and improved network security (both 57 percent). Onboarding employees as part of New Work is very important to more than every second person (56 percent). Lower costs and complexity as well as less downtime (both 51 percent) also speak for Zero Trust.
Zero trust in focus for many
In view of this attested benefit, companies are planning specific technical measures over the next few years. This includes the encryption of data and transport routes (34 percent), user profiles and corresponding guidelines (33 percent), data loss prevention (30 percent) and VPN (23 percent).
In addition to the technical solutions, the companies are also dealing with organizational measures within their Zero Trust architecture. These include emergency and response plans (35 percent), needs assessments and certifications (32 percent each). Apparently little importance is attached to network segmentation (with 17 percent penultimate place) and the establishment of a risk analysis with risk management (15 percent).
To do all of this, 86 percent plan to increase their security budgets over the next two years. The majority of respondents (36 percent) are aiming for an increase of 11-20 percent.
About the poll
As part of a multi-client project in which Sophos was involved, among others, 2021 companies from retail, IT, logistics, services and industry were surveyed in December 204. In addition to board members, CIOs, CSOs and IT information security officers in particular provided information.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.